Face Recognition Goes Mainstream For Notebooks 130
MojoKid writes "Consumer and business-class computer security has clearly become more sophisticated over the years.
Recent advances in recognition technology have brought forth new capabilities, like what can be found in Toshiba A305 series notebooks. Toshiba's Face Recognition software allows you to log in to the system simply by having your face properly recognized by the integrated webcam during Windows startup. Of course, the system's TrueSuite Access Manager also allows you to do the same, only using your fingers and the integrated fingerprint reader. However, TrueSuite goes a step further with the fingerprint reader, also allowing you to log in to Web sites, applications, and networks as well by using just your fingerprints."
Reliability (Score:3, Interesting)
Re: (Score:1)
At least it is better than the fingerprint detectors, where your fingerprints are already all over the machine for the taking.
Re: (Score:1)
sounds like a good lock (Score:4, Insightful)
Otherwise, if the "bad guys" have access to your machine, you're Pwn3d. Demos have been done using pictures of people to fool facial recognition software.
Of course, if an owner has cosmetic surgery or a really nasty accident, it's the owner who'll get locked out of the machine. If they want to use biometric ID for anything but security theater, they need it as part of at least two-factor authentication. . . meaning "something you know" (i.e., a password) or something you've got (e.g. an RFID token key)
Re: (Score:2, Interesting)
Re: (Score:2)
And if you have any sort of failsafe in place for when you lose your passwords, people will use that to obtain access.
Basically, the moment anyone has physical access to your machine fingerprint readers make
Re: (Score:2)
I mean... Take OS X for exampole. Just pop in the install CD and you can enable the root account and reset the system password. There are plenty of 3rd party apps for windows that do the same thing (actually I'm sure MS even provides some tools on MSDN for admins).
You could setup a password required to boot from CD or another drive, but if you have physical access to the machine you can usually take out the hard drive and put it in another
Re: (Score:2)
I mean... Take OS X for exampole. Just pop in the install CD and you can enable the root account and reset the system password. There are plenty of 3rd party apps for windows that do the same thing (actually I'm sure MS even provides some tools on MSDN for admins).
Certain features of the OS, such as encryption/stored passwords, sometimes get erased or reset if you do that (or otherwise have a separate independent password.)
If you have some embarrassing information on your system (e.g. a collection of images, comics, or stories), they will become inaccessible unless you've backed up your security certificate to another secure location.
Re: (Score:2)
Of course, if an owner has cosmetic surgery or a really nasty accident, it's the owner who'll get locked out of the machine.
It doesn't even require something traumatic. What about if someone decides to shave their beard. (Or their friends decide to do it for them while the are asleep.) Now we are talking about regular situations like: "I need to look presentable for my job interview. Oh no! I can't get my resume off the computer!"
Re: (Score:2)
Most of the times these functions exist to make it easier to logon/logoff. You'll do it sooner that way. I have to type my password many, many times a day because I am supposed to lock my machine whenever I am not around. After a while you stop doing so when you are going for the coffee machine (5m) then the toilet (
Re: (Score:2)
Now *that* is funny. Got any links?
Also, couldn't you use multiple cameras spaced slightly apart to determine if the face presented to you is actually being seen in three dimensions?
google on (Score:2)
Re: (Score:2)
Always a little scary that the software makes you add in several fingers, using both hands, just in case you lose one.
and the downgrade? (Score:2, Insightful)
Re:and the downgrade? (Score:5, Insightful)
It'd be great to have computers with stereo vision... With so many computers now coming standard with pinhole webcams, surely they don't cost too much. You could place one webcam at each top corner of the screen and then the computer would be able to produce a 3-D image of its environment.
Now you have to get a 3-D model of the person's face instead of just a photo.
This whole thing could be really bad. Imagine someone that just underwent massive facial trauma. Now, not even their computer likes them.
Re: (Score:2)
The **AA will start suing everyone to get control over this:
"Access Denied - You are not the purchaser of these media files and may not listen/view them. Ever"
Re: (Score:3, Insightful)
Re: (Score:2)
Same principle, now you just hold two different photos up instead of one. :-P
Re: (Score:2)
Re: (Score:2)
I wonder how big the percentage is of people that use their computer in the morning before they shave?
Or even for the ladies, that magical facial/hair transformation they call 'getting ready for work'.
That's be pretty annoying on a Saturday having to get up and get the shower and makeup on etc before your computer would let you login.
Re:and the downgrade? (Score:4, Interesting)
Yes and no. For someone buying a laptop and then making regular use of this technology, it's absurd, or at least little more than a toy when viwed from a security perspective. On the other, we all seem to be heading to a future where computers are, or least behave, in a more personal manner, so in that sense, this technology is, for lack of a better word, a really cool idea.
Then, consider that the world around around us is demanding increased security and is thus subject to increased surveillance and control. That's true from the CCTV cameras monitored by law enforcement, to the folks at your local DMV or voting precinct trying to prevent fraud, to the liquor store owner checking his store while he's at home. It's a fair assumption that with increasing interest in these technologies, we'll see a corresponding increases in research and development, which will, in the end, lead to widespread usage of whatever technology wins out, whether that's iris scans, fingerprints. forearm barcode tatoos, DNA, faces, or a combination of any of the above. If you took a vote on which approach people want, I doubt anyone would say "It's more passwords and PINs for me!".
If it becomes possible to replace every lock and key with some sort of recognition software, would you complain, or tout all the benefits? Or if you could save tax dollars by replacing local security on the streets and Home Depots everywhere with similar software, would you view that a good or bad idea?
Let's face it, the above scenarios aren't very likely, at least in the short term. We're still working on voice recognition. For now, however, it doesn't mean we can't have fun playing with Toshiba laptops.
Re: (Score:2)
I'm not sure there's much of an increase in actual R&D, most of what we're seeing in the biometric security field looks more like slick salesmen conning gullible people out of their money.
If it becomes possible to replace every lock and key with some sort of recognition software
Some sort of secure recognition software? Well, pretty much the only biometric factor that cannot currently be copied, surreptiosly picked up or faked is the contents
Re: (Score:1)
Re: (Score:1)
You know how laptops seem to be going downhill in speed and stuff and people are buying ones with waaaay slower hardware that don't even run windows.
This is the perspective one obtains when only getting their news from slashdot. There's plenty of strong gaming laptops out there with lots of battery-draining power and they sell pretty well. For some reason, we only hear about Apple products, EEE PCs, and such on here. I suspect advertising partnerships, but I'm paranoid like that.
Re: (Score:1)
Also, facial recognition usually works by "storing information about facial features in a database and comparing it at login", I seriously doubt dimensions is excluded from that list, th
I'd rather get info from people with a clue. (Score:5, Insightful)
I have one of these laptops... (Score:1)
However, when I read my manual it also said, "People with similar faces might be logged in to your account by accident." So I decided to not use this feature. It's pretty good for people with distinctive faces, though.
Re: (Score:2)
Cut off fingers? (Score:4, Insightful)
Re:Cut off fingers? (Score:5, Insightful)
Biometric ID has it's bad points, and certainly, in the most secure settings, you'll probably want to make sure you have contingencies for these. But these are not notebooks designed for the FBI, they are designed for the security conscious business user.
With that in mind, suppose, today, that a criminal was sitting before you with a knife, threatening to cut off your fingers one by one if you did not give him your notebook password. Are you really willing to sit there and tell me that you would rather have your hands butchered than give up your text-based password?
If someone was really willing to go to lengths like cutting your fingers off, then they probably have all sorts of incentive to do all sorts of awful things. I'm not sure Biometric security appreciably changes the situation for 99.9% of users.
Re: (Score:3, Funny)
With that in mind, suppose, today, that a criminal was sitting before you with a knife, threatening to cut off your fingers one by one if you did not give him your notebook password. Are you really willing to sit there and tell me that you would rather have your hands butchered than give up your text-based password?
That's where plausible deniability tech comes in. You'd give the criminal an alternative password which works but decrypts a dummy disk instead.
Though, the same technique could work for fingerprints. One finger gives you the real files, another gives you the dummy. Though testing for this isn't that hardm as there are only 10 to check.
Re: (Score:3, Funny)
Re: (Score:2)
Re: (Score:2)
Re: (Score:1)
With a fingerprint, they need my finger.
Despite the "if that's the situation you're already screwed", I'd prefer having the opportunity to cooperate.
Re: (Score:3, Insightful)
But these are not notebooks designed for the FBI, they are designed for the security conscious business user.
That's the problem. People believe that these things are secure enough for the security conscious business user. Laptops are stolen all the time, whether for corporate espionage purposes or for resell value. The thing most people don't realize is that you don't have to cut someone's finger off to use their fingerprint on common scanners. There are many ways (the gummy bear technique) to fake a person's finger and print for these cheap fingerprint scanners.
How hard is it to type in a ten character pas
Re: (Score:2)
If I stole your laptop I probably wouldn't have to bother with the fingerprint sensor to get at your data. I'd just rip out the hard drive and connect it to my compu
Re: (Score:2)
Yes, they do cut off fingerss. (Score:5, Informative)
Of course face recognition is good: hold up a photo to the camera, and you're good.
Re: (Score:2)
I'd rather the criminal could just take the laptop without ever having to threaten me, TBH. Similarly, I'd rather have a car with old fashioned mechanical locks on the doors and ignition (the UK
Re: (Score:3, Insightful)
No, of course not. I'd give up the password in an instant. That's the point! There better be a text-based alternate login.
Re: (Score:2)
Re: (Score:2)
With that in mind, suppose, today, that a criminal was sitting before you with a knife, threatening to cut off your fingers one by one if you did not give him your notebook password. Are you really willing to sit there and tell me that you would rather have your hands butchered than give up your text-based password?
It's not a realistic scenario; if you were sitting beside a criminal then they could just force you to put your fingers onto the finger print reader (no amputation required). In general, a criminal would not even need your actual fingers, but just your finger prints.
I would suppose that the computer algorithm would probably just need the md5 hash of the finger prints.
This technology makes security more interesting, and not necessarily more foolproof.
Re: (Score:2)
Which are usually available all over the nice glossy surface of laptop itself. Unless you're always wearing gloves.
This technology makes security more interesting
Like most buyometrics I'd say it mostly makes security more profitable. Nothing like high-tech snakeoil to part the gullible from their money.
Re: (Score:2)
Well, you obviously base your argument on false presumption that a criminal has immediate access to you and the notebook at the same time, same place.
However, if this is not true (e.g. they stole the notebook first and hidden somewhere, then discovered the need for the fingerprint and got to you - the owner), they are very likely to cut off your finger whether you're willing to cooperate or not. It's simply so much easier to move around the city with a cut off finger than with a kidnapped person (or corps
The Mythbusters did it (Score:2)
About the face recognition, how would a life-size printed photograph of the person work?
Re:Cut off fingers? (Score:4, Informative)
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Fortunately [schneier.com] there [www.ccc.de] are [theregister.co.uk] less [newsfactor.com] painful [newswise.com] techniques [securityfocus.com].
Basically the hacker "lifts" your fingerprint and copies it onto latex/gummi/clay. Or just hacks the device-driver.
Re: (Score:2)
Better still:
Now the thief of your luggage has more use for your dead body than for you alive.
Re: (Score:1)
Evil twin (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
Re:Evil twin (Score:5, Funny)
Re: (Score:1)
Re: (Score:2)
This seems so gimmicky. (Score:4, Insightful)
It's also likely the package is designed to be circumvented out of the box, as there could be some painful customer support issues if their software ever manages to lock out a legitimate user without such a feature.
Even with this, there's nothing to stop a common criminal who will just nuke and pave the system for export to South America or another country, which occurs quite often.
Re: (Score:2)
push pointer
call GetAndProcessFace
push eax
push storedinfo
call CompareFace
test eax, eax
je badboy_logout
as the same user who it's designed to protect, instead of being linked to something secure like disk encryption under a password derived from a biometric hash [inist.fr]. And with face recognition, it also has to deal with replay attacks, and again, it wouldn't surprise me if it didn't.
Re: (Score:2)
making face authentication secure (i.e. linked to drive encryption) is a TERRIBLE idea, because faces can, do, and often change. you could get a broken nose. you could get burned. you could get slashed. you could lose teeth. you could get plastic surgery. and then you lose
easy to fool.. (Score:1)
Sounds like a bit of a gimmick to me.
Re: (Score:2)
Oh no! Not again. (Score:5, Informative)
It is important to note that both fingerprint and face-recognition technologies are not foolproof--there are a number of known, low-tech means of circumventing them. As such, depending on how secure access to your system, data, and Web sites needs to be, you might want to think twice before relying on these alternatives to typewritten passwords.
Right! Such as presenting it with a photo of the owner. Or using one of several well-known techniques to lift a fingerprint from somewhere (the computer itself?) and create a fake finger.
Why isn't this kind of "security" generally laughed at by the consumers?
http://www.youtube.com/watch?v=LA4Xx5Noxyo [youtube.com]
http://www.theregister.co.uk/2002/05/16/gummi_bears_defeat_fingerprint_sensors/ [theregister.co.uk]
And from 1998:
http://www.schneier.com/crypto-gram-9808.html#biometrics [schneier.com]
Re: (Score:2, Insightful)
Re: (Score:2)
Right! Such as presenting it with a photo of the owner.
Lenovo's face recognition system for their notebooks supposedly cannot be fooled by high-resolution photos [lenovoblogs.com]. Of course, this is coming from a Lenovo-run blog, so it may not be objective. From the blog article:
First up was an 8 x 10 color glossy photograph of yours truly (with circles and arrows and a paragraph on the back). No matter how I held the photograph, no matter whether the sec
Re: (Score:1)
"Depending on the software used, face recognition uses multiple techniques to identify a person's face. Some of the more advanced programs use texture mapping in which a person's skin texture is analyzed and matched. Most however, define nodal points on a person's face and then use software to mathematically represent those points. Things measured include distance between the eyes, width of the nose, length of the jaw line, or shape of the cheekbones. Together these concatenate a numerical code which is stored in a database for later retrieval.
This is all bad. What if I decided to grow a beard or spend a lot of time outdoors, getting various shades of skin from tan, pale, to burned? I'm betting on it being a nightmare for males due to the facial hair factor.
I had enough trouble with thumb readers at my previous job (which I was admin of the box and had like 30 scans entered in to make it more likely to identify one of my scans), and there would be days where either the temperature had a big swing where none of the readers would get a goo
Re: (Score:2)
Personally I just want the system to autologout if I walk away. Bonus points if I can feed it a picture of someone I dont want to use my computer if they come over to my house, so I can let everyone else have web access :)
Re: (Score:2)
Exactly. This is crap. The sooner that people learn that biometrics are largely unique, but rarely private (I can take a picture of you in the street, or lift your fingerprint from anything you touch), the sooner we'll stop trying to build security systems around it.
Add to that the whole non-revocation of credentials bit inherent in biometrics, and suddenly smart cards and passwords seem a whole lot more practical. Guess they're just not sexy enough any more.
Re: (Score:2)
These are mostly to provide protection against laptop loses. You may be surprised but there aren't that many spies running around lifting people finger prints/getting thier pictures while stealing laptops, only in the movies really.
Now while I am sure this sort of thing does happen outside of movies, why don't you use your fucking brain and think about it for a second. Does it happen to the average person? NO.
I guess we should have locks, because someone can lock-pick/bump the
Brian Damage. (Score:1)
This is new? (Score:3)
Thinkpads have done this for at least two years already. The password manager app even has a plugin for Firefox. Mind you, I disabled it almost immediately because it adds an addition, out-of-place "Save this password?" prompt to every ever remotely passwordy prompt in Windows, IE, or Firefox.
But the functionality is there, and has been for some time. I hope these TrueSuite guys don't genuinely think they've got something new.
Re: (Score:1)
Re: (Score:1)
Another gimmick (Score:4, Insightful)
Rubbish. Without full disk encryption, laptops today are as vulnerable as they were 15 years ago. If anything they're *more* vulnerable nowadays, simply because we store more on them, keep them connected to the net all the time, and more people are using them.
Gimmicks like fingerprint readers and face recognition are worthless if someone steals your machine. Simply boot knoppix, mount the fat/ntfs partition and copy all that juicy data right off the drive. In fact this happened to a high-profile person recently - someone recovered Adrian Sutil's (F1 driver) discarded hard disk and tried to get money off him in exchange for not publishing his photos and emails.
Face recognition is probably good fun to try out in the store and maybe help sell a few machines. But disk encryption and strong passphrases are inconvenient and require a bit of work, so nobody uses it.
Re: (Score:2)
Besides having a camera in your laptop could also have it's advantages.
Re: (Score:2)
Re: (Score:2)
Rubbish. Without full disk encryption, laptops today are as vulnerable as they were 15 years ago. If anything they're *more* vulnerable nowadays, ... keep them connected to the net all the time ...
Not to overstate the obvious, but if you are worried about someone remotely hacking into a live system, full disk encryption does nothing, unless it's a kind of "disk" (more often an image used as loopback device) that you mount only when you are using it. The rest are just as vulnerable as without encryption, if you leave them decrypted all the time.
Now, wiith preloaded crapware! Do not buy. (Score:5, Informative)
The A305-S6845 comes with a fairly crowded Windows desktop, filled with icons for pre-loaded software and web links to numerous free offers.
This thing has substantial crap preloaded onto it. It even has Vongo pre-installed, which is very hard to uninstall. [cnet.com] It has PowerCinema installed, which not only is hard to uninstall but uses resources when idle. And those are just the ones known to be malware. Buy from another vendor.
Re: (Score:1)
they CHARGE YOU 20 dollars to remove something they charged another company to include into their machines, and which technically falls afoul of various computer crime laws by the very virtue that a computer's owner cannot remove it.
Re: (Score:1)
The fact that it is crap still stinks.
Not really new (Score:5, Insightful)
old tech (Score:1)
Face recognition leads to face targeting (Score:2)
It seems to me that one would only need to add a rotating machine gun turret to one of these cameras to create an automatic firing system. One shot per face and then round-robin. You know, the kind that you don't even need to lift your head to look, it does all of the loo
Re: (Score:2)
Re: (Score:2)
Since this technology on the PC in TFA is supposed to identify individual faces, it might even be able to differentiate between friend or foe, though it wouldn't be a good idea to entrust anyone's life to its accuracy.
A previous slashdot story with an article from Rolling Stone revealed that the face recognition software sold to the Chinese by a U.S. security firm uses the distance between the eyes as o
why not just use auto-login? (Score:2)
Also, this isn't going to do anything to protect your files. You still need to use strong encryption, and you aren't likely to get that from face recognition.
identification != authorization (Score:2)
Use a high-res picture of notebook's owner (Score:1)
What a waste of space. (Score:2)
The best security is (Score:1)
Something I know (password) +
Something I am (biometrics) +
Something I have (key)
Use all three for added security.
What we are seeing with laptops is that they are becoming commodities. Features are maxed out, people don't need any new ones.
So now we will have Ferrari editions, gell casing, wet feel touch pad, reflective screen (Why I have no idea) and a myriad of useless features trying to differentiate them.
Now is the time for Linux but then Linux is irrelevant. All you need is a box that w
Misleading title (Score:1)
More like: (Score:1)
Physical Acces (Score:2, Insightful)
State of the Art Fingerprint Scanner (Score:2)
The Stylish Beard of the Week Club (Score:2)
Still, cool (Score:2)
Multifactor Might Work (Score:2)
But each/both of them are crackable if I'm coerced to login, perhaps even if my dead body is forced up against my ATM. (I know I would
Not that great (Score:2)
My random, alphanumeric password takes about 1-2 seconds to type in. The software takes about that long just to start the webcam, and then an additional 5 seconds to recognize the face. Also, obviously, you'd have to change your password to something extremely long and random (that maybe you didn't even know) for this to be useful.
On top of that, I register
I'm curious (Score:2)
How would it distinguish between a 2d photo and a 3d person seeing a camera photos in 2d anyway.